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Abstract — This paper presents a mechanism and algorithm for 
creating undeniable watermarks. It assumes a system where a con- 
tent owner or prouder uses outside agents to distribute its content. 
Content watermarked by distribution agents using this system will 
be undeniably recognizable by the content provider as originating 
with that distribution agent. That is to say that given N distribu- 
tion agents, the content provider will be able to tell which distri- 
bution agent watermarked the content. The system does not allow 
any distribution agent to watermark content that would appear to 
have been watermarked by another agent and It does also not al- 
low the content provider to watermark content that would appear 
to have been watermarked by a particular distribution agent. This 
allows the content provider to place a high degree of trust in the 
identification of the distribution agent and trace 'leak" locations 
or pirated copies of videos. 

1. Introduction 

More and more digital multimedia data is distributed through 
public networks. Many approaches are available for protect- 
ing digital data; these include encryption, authentication, time 
stamping and watermarking. Most existing watermark schemes 
in distributed systems depend on a trusted third party (TIP) to 
verify the authentication of the watermark system. The secure 
delivery of images over open networks proposed by Augot et 
al [1] may encounter situations that a "trusted third party" can 
not be found that can be trusted by both parties. Other water- 
marking systems that we are aware of that aim to accomplish 
the same end goal must employ the services of a "trusted third 
party" to put watermarking keys in escrow to be presented upon 
demand if there is a dispute. 

We propose a mechanism which does not need "trusted third 
party", every watermark is non-repudiation watermark, and can 
be used to identify the source of the watermark. Although there 
are many uses for this technology, the use for which it was de- 
veloped is multimedia content distribution forensic analysis. In 
these cases, the multimedia content must be kept secret and not 
distributed by unauthorized agents. Should the content "leak** 
and become uncontrolled, it is desirable to locate the source of 
the leak so that appropriate action can be taken (punitive dam- 
ages sought and security tightened for instance.) This multime- 
dia watermarking mechanism allows content to be linked to the 




Fig. 1 . Digital content distribution model with secure copy monitoring 

end user or distributor of the content, whichever is the respon- 
sible parry in a way that corrective action (l e S&l °r technical) 
may be taken with confidence. 

II. Secure Digital Content Distribution 

ARCHITECTURE 
A. Distribution Model with Copy Leak Tracing 

This paper introduces a novel multimedia watermarking 
mechanism that allows the non-repudiation of watermarked 
content. This is useful when the distribution of content needs 
to be known or proved. One such example is when copyrighted 
content and presentations of that content must be accounted for 
source and where the loss of control of that content could lead 
to monetary loss on the part of the content provider (who is as- 
sumed to also be the copyright owner). This non-repudiation 
watermark schema can be used for copy source tracking in a 
secure digital content distribution system which uses broadcast- 
ing technologies, such as satellite or multicast. The distribu- 
tion model is shown in Figure 1. The content provider passes 
the valuable digital content to the content distributor to be dis- 
tributed to all eligible clients, in this case, the clients are also 
distributors. All clients are required to put the watermarks into 
the digital content according to the proposed non-repudiation 
watermark schema so that content provider can trace the source 
of the leak if the copy is leaked. The novelty of the distribution 
model and non-repudiation watermark schema allows the reli- 
able and non-repudiable watermark to fulfill the needs and trust 
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Fig. 2. Noa-repudiate watermark scheme for digital multimedia distribution 

of content provider and content consumers/presenters. This dis- 
tribution model does not implement any protections to ensure 
that the watermark is applied properly, it is however assumed 
that both parties (the content provider and the distributor) will- 
ingly agree to follow the procedure as outlined. In the case 
where the distributor or the provider wishes to "cheat** the other 
by circumventing the watermarking procedure, other measures 
must be taken to ensure that this is not done [2], Also, water- 
mark attacks must also be addressed and considered in design- 
ing suitable watermark algorithm [3] for the system. 

B. Non- repudiation Watermark Schema for Distribution 

The non -repudiation watermark schema for digital multime- 
dia distribution is depicted in Figure 2. This schema requires 
the use of public and private key encryption algorithms and as- 
sumes the participation of one content provider and at least one 
content distributor. Both the content provider and the distribu- 
tor have their own private key that they do not share. This key is 
central to the identification of content watermarked by the dis- 
tributors. First the content provider sends a file with the content 
to the distributor. This may be done in a variety of ways in- 
cluding but not limited to transmission of the content through a 
data network and distribution of the content on physical media 
(for instance CDROM's or DVD's). Once the contem has been 
sent to the distributor, the distributor must contact the provider. 
This contact must be authenticated using "strong 1 * authentica- 
tion techniques. The exchange must be protected by "strong" 
encryption techniques. After authenticating with one another, 
the provider provides a random number to the distributor. The 
size of this random number is dictated by the watermark style 
to be used. Multiple watermark mechanisms may be used with 
this technology. The distributor generates a public and private 
key pair for the application of this watermark which we will call 
the watermark pair. The distributor uses the watermark pair 
private key to encrypt the random number passed to it by the 
provider. This encrypted number will be the watermark key. 
The distributor men watermarks the content with this key. Af- 
ter watermarking (or before, depending on the details of the 
watermark process), the distributor will transmit to the provider 
the public key of the watermark pair signed by its private key 
(not the watermark pair private key, the distributor private key) 




Fig. 3. Watermark embedding flow chart 

along with information that will allow the provider to obtain 
the watermark key given the watermarked content We will la- 
bel this information "location information". However, it may 
not designate a location in the traditional sense of the Word and 
will depend on the watermark technique selected. The provider 
archives this information so that the watermark may be detected 
later. 



III. Non-repudiation Watermark Embedding and 

Detection algorithms 

To satisfy the non-repudiation watermark schema require- 
ments, watermarking algorithms must have the following char- 
acteristics: First, the watermark should use a key from a large 
number space such that no two keys are likely to be identical 
if keys are chosen at random. Second, the watermark key can 
be detected given information other than the value of the key it- 
self. Third, each copy has a unique watermark associated with a 
distinguished key for transaction information in digital content 
distribution systems. In our digital cinema scenario, we need 
at least of 56 bits of watermark payload to identify a movie at 
each specific theater at each show time. Fourth, it is nice to have 
blank detection or semi-blank detection watermark. The water- 
mark detection agent should be able to detect out watermark 
without or with very limited information. Last and most im- 
portantly, we need to create non-fragile or robust watermarks. 
This is the most important requirement in this proposed wa- 
termark schema- To verify the watermark key, the watermark 
agent needs to reconstruct the encrypted key-stream exactly. 

The above watermark requirements set up guidelines for 
the watermark algorithm design. In mis paper, we develope 
an oblivious-detection watermark algorithm to allow the digi- 
tal content provider automatically trace down the distribution 
source of the content without knowing the distribution agent's 
watermark key. Instead, the provider can extract the watermark 
key and verify irrefutably that the distributor generated it. 

A. Wa lermark Embedding A Igorithms 

Within the non-repudiation watermark schema, the water- 
mark embedding procedure is depicted in Figures 2 and 3. First, 
content provider will distribute the valued digital multimedia 
content to all its customers, such as theater agents. Then con- 
tent provider will provide a unique nonce to each theater agent 
to uniquely identify the transaction. The nonce will be signed 
by the theater agent by using the theater's provider key to get its 
own unique watermark key. A watermarker is employed at each 
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theater agent's location as shown in Figure 2, where a water- 
mark protected digital multimedia copy will be generated. The 
watermarker may use various watermark algorithms, however, 
they must satisfy certain specific requirements. To enforce the 
validation of this watermark schema, additional security mea- 
sures must be used [2]. 

Our watermark algorithm [3] is robust to the attacks in both 
the temporal and spatial domains and to MPEG-recompression. 
We improve our previous semi-oblivious watermarking algo- 
rithm [3] to a fully oblivious watermark method. In our pre- 
vious dynamic wavelet feature-based watermark algorithm [3], 
we cast watermark bits into the energy of the blocks of selected 
middle frequency subbands of each static wavelet-transformed 
frame. We modify an energy value of the selected block cor- 
responding to the casting watermark bit. At the detector, we 
compare the energy of each block extracted from the water- 
marked (and attacked) video sequence with the corresponding 
original energy to determine the watermark bit. More detailed 
algorithm is described in [3]. Although the proposed semi- 
oblivious method fits in our proposed non-repudiation water- 
mark schema, it requires the extra information to be transmit- 
ted for watermark detection. In this paper, while we will use 
the similar wavelet subbands to cast the watermark bits at the 
middle frequency subbands of static frames, we will introduce 
the prudent method to cast the watermark such that the detector 
will not need any information from the encoder, an oblivious 
watermark detection, and still remain robust to attacks. 

After preprocessing the video as in [31, i.e. scene change 
detection, and temporal and spatial wavelet transformations the 
scene, we cast the watermark bits into the middle bands of the 
static frame of the video clip. Instead of separating the coeffi- 
cients into multiple blocks as in [3], we introduce a novel meth- 
ods of using polyphase transform for watermark casting. To 
simplify the explanation of the proposed algorithm, an exam- 
ple of the polyphase transform of one static frame of size 4x4 
with 1 -level wavelet spatial decomposition is illustrated in Fig- 
ure 4. LL, LH, HL and HH subbands are composed of {X\ 
X 2 X s {X 3 X A X 7 X 8 }, {X 9 X l0 X 13 X u } and {X n 
X12 Xis X\e} respectively. We consider all pixels in LL sub- 
band as the roots of each tree. Each root has its children along 
all the other subbands. This is the famous zero-tree structure 
introduced previously in state-of-the-art wavelet image coders 
such as EZW [4] and SPIHT [5J. We then apply the polyphase 
transform to all the subbands. The polyphase transform will 
subsample the wavelet coefficients in row and column direc- 
tions into multiple polyphase components. All components will 
eventually have similar characteristics to each other, e.g., the 
polyphase components will all have simi lar energy values. 

Next, the nearby components are paired up. The two com- 
ponents that will be paired as a couple will have to be spatially 
located next to each other to make sure that the pair shares sim- 
ilar features. Here we choose components 1 and 2 to be the 
I*' pair and components 3 and 4 to be the 2 nd pair. Only bit 
of watermark will be inserted into each polyphase-component 
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Fig. 4. An example of a polyphase transform occurs when a frame, which is 
assumed to have a size of 4 x 4, is segmented into 4 subbands of size 2x2 where 
Xi represents the i ih pixel, i = 1,. 16, from a frame of total 16 pixels. The 
image pixels can be grouped into successive polyphase components according 
to a particular spatial location in each original subband. Finally four polyphase 
components are generated. 

pair. The rule to cast watermark bit "1" into the l 3t pair of 
components 1 and 2 is that the energy of the block which be- 
longs to LH subband of component 1 0.e. Ei = X|) must be 
greater than the energy of the block which belongs to the LH 
subband of component 2 (i.e. £2 = X* ). In this work, we pro- 
pose to modify X$ and X4 as shown in Equation (1) such that 
Ei > E2, where i = 3 and j — 4 and a is watennark strength 
where 0 < a < 1. 



X - = (i-a)(^±^) 



(1) 



To cast watennark bit "0", we perform the same process but, 
instead, setting i — 4 and j = 3. It is worth to note that 
the larger the a value, the larger the difference between X}° 
and Xfi the higher the robustness and the worse the perceptual 
quality will be. It is clear that a plays a main role in adjusting 
a tradeoff between robustness and perceptual quality of the wa- 
termarked data. We conduct the same process for HL subband 
(Xq and Xia). Note that LL subband is not involved in water- 
mark casting process because too much visual quality would be 
distorted if we cast watermark bits into it 

From equation (1), we first change the coefficient values of 
both components to the average value of both. The polyphase 
transform is chosen because the coefficients of each polyphase 
component from the same spatial location will have approxi- 
mately the same value (i.e., X\ » Xi). Therefore, changing 
them to the average value ( X] | Xa ) will not dramatically affect 
their original values. However, it will equalize the amplitude of 
the coefficients before adjusting them based on the casting wa- 
termark bit. If there are other watermark bits, we will pursue in- 
equality in this way on the watermark bits into next polyphase- 
components pair until we run out of watermark bits to cast If 
there are some polyphase-components pairs left-over without 
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Fig. 5. Watermark detection flow chart 

watermark casting, we can repeat the same watermark bits over 
to increase extra reliability. We pursue the same process for 
other static frames. To finalize the watermark casting process, 
we will reverse the process of reconstructing the movie into 
the raw data domain by doing an inverse spatial- and temporal- 
wavelet transformations as described in [3]. 

R Watermark Detection Procedure 

To detect the cast watermark pattern before performing de- 
cryption as shown in Figure 5, we repeat some of the pro- 
cesses in the watermark casting procedure described in [3], i.e., 
scene detection, temporal wavelet decomposition, and spatial 
wavelet decomposition. Next we compute the energies of two 
polyphase components in the pair of the selected subbands and 
make a comparison of the energies to each another. For exam- 
ple, in the system described in Section III-A, after we computed 
2?3 and £4 , if £3 > E 4 , we detect " 1 " as a watermark bit, other- 
wise watermark bit is "0". We perform the same process repeat- 
edly until all the bits in every static frame have been detected. 
Furthermore, as described in [3], we may repeat the same pro- 
cess for every scene in the movie. We detect each watermark bit 
based upon the majority vote of watermark outcomes among all 
scenes. It is worth noting that, as described, our proposed wa- 
termark algorithm does not need use of the original movie or 
any information from the encoder to detect the watermark bit 
(oblivious watermarking). As described in Section n, This is 
very useful when a trusted third party and original copy do not 
exist in the security system environment. 

After a candidate watermark key is extracted, iterative at- 
tempts are made to verify the distributor's identification by de- 
crypting the key with the distributors' public key (provided at 
the watermarking time in schema of Figure 2) and then com- 
pared with the nonce in Figure 2 (given to the distributor at the 
start of the initial exchange.) If the decrypted watermark key 
matches the nonce, the content source has been successfully 
identified, if not, the producer goes on to the next distributor. 

IV. Experimental Results 

We simulated the watermark embedding and detection on 
the suzie and silent test sequences of 144 frames and assumed 
that each is one scene of a movie. Each frame has the size of 
144 x 176 pixels. We then applied 3-level temporal wavelet de- 
composition and 4-leve! spatial wavelet decomposition to both 
sequences and end up with 18 static frames with 99 polyphase 
components each. We chose to cast the watermark to the finest 




(a) 





Fig. 6. Visual comparison between (a) original suzie frame and (b) water- 
marked suzie frame when (c) represents the watermark: embedded 

HL and LH subbands and the second finest HH subband. In the 
digital cinema scenario, we need at least 56 bits of watermark 
payload to identify a movie at each specific theater at each show 
time. Therefore, we cast 10 bits in each static frame. Since all 
56 bits can be cast in 6 static frames, the other 12 static frames 
are cast with the same watermark to increase the robustness of 
the watermark. We first cast 60 watermark bits to the suzie and 
silent sequences with watermark strength a = 0.1. The PSNR 
of the watermarked sequences were at 44.23 dB and 41.96dB, 
respectively. Figure 6 shows the visual differences between the 
original and watermarked images, and no visual difference of 
the two images can be noticed. 

We then applied an MPEG compression attack to the wa- 
termarked "silent" sequence changing bit rates. All embedded 
watermark bits were correctly detected up to compression ra- 
tio of 1/14 of the raw data. For the temporal attacks, we can 
correctly detect all watermark bits when we subsampled frames 
from 25 fps to 12.5 fps and when we cropped the frames, mak- 
ing the sequence shorter by deleting the frames, from the begin- 
ning/end up to 66.7% of the total number of frames. To detect a 
watermark after frame subsampling/dropping attacks, we sub- 
stituted the missed frames with the average of the frames avail- 
able. This means our proposed algorithm can also tolerate the 
frame-averaging attack. Finally, we tested the proposed water- 
mark with spatial attacks. Watermark survives both when rows 
and columns were subsampled by 2, i.e., only 1/4 of the origi- 
nal size is retained. We tested cropping the rows on the top and 
bottom and the columns on the (eft and the right of each frame. 
Image size-cropping can be used in real applications, such as 
converting a wide-screen movie into a norma! TV screen-size 
movie. Our watermark survived very well when up to 30.68% 
of size of the image was cropped. 
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Abstract — Mobile agents are software entities consisting of 
code, data and state that can migrate autonomously from host to 
host performing some actions on behalf of a user. Unfortunately, 
security issues restrict the use of mobile agents despite its benefits. 
The protection of mobile agents against the attacks of malicious 
hosts is considered the most difficult security problem to solve 
in mobile agent systems. In a previous work, the Mobile Agent 
Watermarking approach (MAW) was presented as a new attack 
detection technique to aid to solve the problem of the malicious 
hosts. This approach was based on embedding a fixed watermark 
into the mobile agent In this paper, some improvements are 
introduced to MAW. Instead of a fixed watermark, the origin 
host embeds a watermark that can change dynamically during 
execution. In each host, the marked code creates a data container 
where the watermark will be transferred and the results will be 
hidden. When the agent returns home, the origin host verifies 
the execution integrity by applying a set of integrity rules to the 
containers. This paper also explains how MAW can be used to 
punish the malicious hosts by using a Trusted Third Party, the 
Host Revocation Authority. 

I. Introduction 

Mobile agents are software entities consisting of code, data 
and state and that can migrate from host to host performing 
some actions autonomously on behalf of a user. The use of 
mobile agents saves bandwidth and permits an off-line and 
autonomous execution in comparison with habitual distributed 
systems based on message passing. For this reason, mobile 
agents are especially useful to perform functions automatically 
in almost all electronic services, like e-commerce, data mining 
or network management. Despite their benefits, massive use 
of mobile agents is restricted by security issues. 

This paper introduces some improvements to the Mobile 
Agent Watermarking approach (MAW) [6]. Instead of a fixed 
watermark that is located into the results in some positions 
previously known by the agent sender (or origin host, as 
it is also called), the watermark can change dynamically 
during execution. Before sending the agent, the origin host 
embeds a watermark into the agent* s code by using software 
watermarking techniques [3]. During the execution in each 
host, the agent creates a data container that will be used later 
to verify the execution integrity and to hide the results. The 
agent transfers the watermark to the container by putting any 
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kind of avaliable data inside of it in an ordered way. When the 
execution finishes, the results are also fitted into the container. 
When the agent returns to the origin host, it applies a set 
of integrity rules to all the data containers. These rules can 
be inferred from the modifications performed in the agent's 
code during the watermark embedding. If a container does 
not fulfill the rules, this means that the corresponding host is 
malicious. The proposal not only detects manipulation attacks 
performed during the agent's execution, but it also proves the 
malicious behavior of the host. This paper introduces how 
MAW can be used to punish the malicious host by using a Host 
Revocation Authority (HoRA from here on) [8]. The HoRA 
must be considered an independent Trusted Third Party (TTP) 
in a mobile agent system, like the Certification Authority is 
considered in the Public Key Infrastructure (PKI). The HoRA 
stores a database with some information about the revoked 
host, i.e. those hosts that have been proven malicious. Before 
sending an agent, each origin host consults the revocation 
information in order to delete all the revoked hosts from the 
agent's itinerary. As a result, the revoked hosts will not execute 
agents any more. 

The rest of the paper is organized as follows: Section II 
describes the existing approaches to protect mobile agents; 
Section III details the improvements introduced in MAW; 
Section IV explains how to punish the malicious hosts by 
using MAW and the HoRA. Finally, some conclusions can 
be found in Section V. 

II. Malicious hosts 

The attacks performed by a malicious host that is executing 
the mobile agent are considered, by far, the most difficult 
problem to solve regarding mobile agent security. Notice that 
while it is possible to assure the integrity and authentication of 
the code, the data or the results that come from other hosts by 
using digital signature or encryption techniques, it is difficult 
to detect or prevent the attacks performed by a malicious host 
during the agent's execution. Malicious hosts could try to get 
some profit of the agent reading or modifying the code, the 
data, the itinerary, the communications or even the results 
due to their complete control on the execution. The agent 
cannot hold a decryption key because the hosts could read it. 
Furthermore, it is not sure that the host runs the complete code 
in a correct manner, or it simply does not allow the migration. 



223S 0-7803-8794~5/04S$20.00 O 2004 



c 



There are two main types of protection techniques: (1) at- 
tack avoidance approaches, that try to avoid the attacks before 
they happen; and (2) attack detection approaches, whose aim 
is detection after the attack has been performed. Detection 
techniques are less effective for services where benefits for 
tampering a mobile agent could be greater than the possible 
punishment. In those cases, attack avoidance approaches are 
recommended. Unfortunately, there is no current approach that 
avoids attacks completely. 

A. Attack avoidance approaches 

The simplest solution to avoid attacks is sending the agent 
only to trusted hosts, i.e. hosts that are not expected to attack 
the agent [11]. Obviously, this proposal is not useful in an 
open network like Internet because there are few trusted hosts. 
Yee introduces the idea of a closed tamper-proof hardware 
subsystem [15] where agents can be executed in a secure way, 
but this forces each host to buy a hardware equipment and to 
consider the hardware provider as trusted. Roth presents the 
idea of cooperative agents [12] that share secrets and decisions 
and have a disjunct itinerary. This fact makes collusion attacks 
difficult, but not impossible. Hohl presents obfuscation [9] 
as a mechanism to assure the execution integrity during a 
period of time, but this time depends on the capacity of 
analyzing the code of the malicious host. The use of encrypted 
programs [13] is proposed as the only way to give privacy and 
integrity to mobile code. The executing hosts run the encrypted 
code directly, and hence a decryption function is needed to 
recover the results. In [2] the approach is improved in the 
way that agents can traverse multiple hosts. In [1] the scheme 
allows the agents to take decisions while traveling by using 
a TTP. The difficulty here is to find functions that have the 
necessary properties, i.e. functions that can be executed in an 
encrypted way. Lately, in [5] a secure privacy homomorphism 
was presented, but its use is still limited to perform functions 
of an arithmetical nature. 

B. Attack detection approaches 

In [10], the authors introduce the idea of replication and 
voting. In each stage, a set of hosts execute the agent in a 
parallel way and send several replicas of the agent to the 
next stage. This offers a fault- tolerant mechanism to execute 
agents, but only can be used as an attack detection approach 
in those scenarios in which the hosts in the same stage are 
independent, i.e. they must have different interests to attack 
an agent. In [14], Vigna introduces the idea of cryptographic 
traces. During execution, the agent takes traces of instructions 
that alter the agent's state due to external variables. The origin 
host will only ask for the traces if it suspects that an executing 
host acted maliciously. Despite being the most widely known 
attack detection approach, it still has some major drawbacks 
that deter its implementation. At first, the executing hosts 
must store the traces for an indefinite period of time because 
the origin host can ask for them. Furthermore, verification is 
performed only in case of suspicion, but how a host becomes 
suspicious is not explained. Despite some of the drawbacks of 
this proposal were solved in [7], its use is still limited. 
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iii. improving the mobile agent watermarking 

Approach 

In [6], the authors introduced the Mobile Agent Watermark- 
ing approach, a lightweight attack detection approach that 
permits to verify the execution integrity without thinking in 
terms of suspicion. The origin host embeds a fixed watermark 
into the code in order to detect manipulation attacks. As a 
result, the running of the agent creates marked results. When 
the agent returns, the origin host looks for the watermark into 
the results. If a watermark differs from the expected one, this 
means that the corresponding executing host is malicious. 

This paper introduces some improvements to MAW to make 
the proposal more flexible and secure. Before sending the 
agent, the origin host embeds a watermark into the agent's 
code. In each host, the running of the agent creates a data 
container where the watermark will be transferred. The agent 
can put any kind of available data into the container, for 
example dummy data, input data or even intermediate variable 
values. When the execution finishes, the results are also fitted 
into the container. Consequently, the transferred watermark 
changes dynamically during the execution. When the agent 
returns to the origin host, it applies a set of integrity rules 
to all the data containers. These rules must be inferred from 
the modifications performed in the agent's code during the 
watermark embedding. If a container does not fulfill the rules, 
this means that the corresponding host is malicious. 

The rest of the section explains how the watermarks can be 
embedded into the mobile agent and how this proposal can be 
used to detect manipulation attacks. 

A. Watermark embedding and transference 

Before sending the agent, the origin host embeds a water- 
mark into the agent's code by using software watermarking 
techniques [3]. These techniques are not used to protect the 
agent's copyright, but for detecting manipulations performed 
during execution. In each host, the execution of the marked 
code creates a logically-structured data container where the 
watermark will be transferred. During execution, the agent can 
put any kind of available information into the container, for 
example dummy data, input data, intermediate variable values 
or data that come from communications. Finally, the results are 
also fitted into the container. In fact, the data of the container 
can be made up of: 

• Fixed values located in some positions previously known 
by the origin host, like it was in [6]. 

• Values that can change dynamically during the execution 
and fulfill a set of logical rules. 

During the transference process, the agent diffuse (repeat 
values) and confuse (change values) all this information into 
the container. For this reason, the way this information is put 
into the container and the information itself constitute the 
transferred watermark. In short, the container is the digital 
cover where the agent's code must transfer the embedded 
watermark, and hence it can be used as a proof to verify 
the execution integrity. This transference process is shown 
in Figure 1. Furthermore, the container is hiding the results 
from malicious hosts, that is to say, a malicious host should 
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Fig. 1. Watermark transference during the agent's execution 

not tell the difference between the results and the transferred 
watermark. 

B. Detecting manipulation attacks 

When the agent returns home, the origin host tries to detect 
the attacks performed during execution. To do so, the origin 
host verifies that all the containers fulfill a set of integrity rules. 
These rules can be inferred from the modifications performed 
over the original agent* s code to embed the watermark. If a 
container does not fulfill the rules, this means that the corre- 
sponding host modified the mobile agent, so it is malicious. 
Notice that the way the origin host uses to verify the execution 
integrity is the same for all the hosts, but this does not mean 
that all the containers have the same watermark. In fact, the 
transferred watermark is different because it depends on the 
execution. 

The alteration of the watermark not only detects manipu- 
lation attacks, but also proves the malicious behavior of the 
host. In Section IV is explained how the tampered containers 
can be used to punish the malicious hosts by using a TTP, the 
Host Revocation Authority [8]. 

IV. Punishing Manipulation Attacks 

Attack detection approaches are not enough to protect the 
agent on their own. This kind of mechanisms must be attached 
with some punishment policies. Usually, a host will turn into 
malicious behavior only in case that the benefits for tampering 
the agent would be greater than the punishment. Thus, the 
harder the punishment, the less attacks will be performed 
by the hosts. This paper introduces how the mobile agent 
watermarking approach can be used to punish malicious hosts. 

A. Punishment policies 

Little attention has been paid to punishment mechanisms in 
the literature. This section summarizes some of the conducts 
that an origin host can follow when it detects an attack: 

• The origin host does not take into account the partial 
results 1 of the executing hosts detected as malicious. 

'Partial results are those that depend on the execution performed only in 
one host. 



These results are compromised, so they can be discarded 
automatically. On the contrary, if the results depend 
on the execution of more than one host, the whole 
execution is compromised and the origin host can only 
send the agent again removing the malicious hosts from 
the itinerary. This is the easiest punishment, as it only 
depends on the origin host, but it is also the weakest. For 
instance, there are mobile agent scenarios where the agent 
does not take results of execution, so there is nothing 
to discard and hence there is no real punishment to the 
malicious host. Furthermore, the detected malicious hosts 
can continue attacking other agents. 

• The origin host creates a blacklist that contains all the 
executing hosts that attacked its agents. The origin host 
will not send agents to them any more. For instance, in 
an e-commerce scenario the origin host will not buy more 
products to a server that has been detected as malicious. 
This is an improvement of the previous behavior because 
a malicious host can only attack an origin host once. 
This punishment is easy to implement because it only 
depends on the origin host. However, a malicious host 
can continue attacking several different origin hosts. 

• A group of origin hosts shares a common blacklist that 
contains all the malicious hosts. A host is introduced into 
this common blacklist if it is detected attacking an agent 
owned by an origin host of the group. All the malicious 
hosts of the common blacklist will not receive mobile 
agents from this group of origin hosts any more. However, 
a problem arises when there are origin hosts that do not 
trust each other. For instance, a malicious origin host can 
adversely affect an honest executing host by including 
it into the common blacklist. Consequendy, no mobile 
agents will be sent to this honest host. 

• A TTP stores and manages the common blacklist with 
all the hosts that acted maliciously. Obviously, attack 
detection is not enough, but also proving of the mali- 
cious behavior before the TTP adds a new host to the 
blacklist. In [8], the authors introduce a new entity in the 
mobile agent system to solve the lack of an entity with 
punishment capabilities. The Host Revocation Authority 
(HoRA) must be considered an independent TTP in a 
mobile agent system, like the Certification Authority is 
considered in the PKI. The HoRA stores a database with 
some information about the revoked host, i.e. those hosts 
that have been proven malicious. Before sending an agent, 
each origin host consults the revocation information in 
order to delete all the revoked hosts from the agent's 
itinerary. The real strength of this punishment mechanism 
lies in dissuading the executing host from being malicious 
because they can be revoked and consequently they will 
not receive mobile agents any more. 

B. Punishing attacks with MAW 

This paper presents how to use jointly MAW as the attack 
detection mechanism and the HoRA as the TTP in charge of 
the punishment. If the origin host detects that a container has 
been tampered, it can start a revocation protocol in order to 
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add the malicious host to the internal database of the HoRA. 
Before explaining this revocation protocol, some notation used 
in the message and agent passing must be introduced: 

• We denote a mobile agent that moves from host x to host 
y as Agent x -> y (). 

• We denote a message from host x to host y as 
Mes8age x -+ y (). 

• We denote the signed copy of document D as sign a [D], 
where a is the signing host identifier. 

• We denote the One- Way Hash Function value (hash from 
here on) of document D as H(D). 

For easiness reasons, a single-hop scenario has been used for 
the explanation. These are the steps that the principals must 
follow; 

1) Firstly, the origin host sends the agent to perform some 
actions on behalf of the user: 

Ayent 0 ->\(A) 

where A — signo[C ode, Data, H '(Rules)]. The agent 
carries the code, some data and the hash of the rules in 
order to link the rules to this execution. 

2) The executing host receives the agent and extracts the 
code and the data. Now consider that this host acts 
maliciously modifying the agent instead of executing 
the code directly. So then, the execution will create a 
tampered container. The host sends the following agent 
to home: 

Agenti^o(B) 

where B — sign\[A, Container \\. B must contain A 
in order to link the code, the data and the rules with the 
container. 

When the agent arrives to the origin host, it applies the 
integrity rules to the container. As the host modified the exe- 
cution, the container Container \ will not fulfill the integrity 
rules because the watermark has been modified. Consequently, 
the origin host starts a revocation process: 

3) The origin host sends all the proofs of the execution to 
the HoRA: 

Messageo^HoRA ($ign 0 [B, Rules]). 

The HoRA receives the revocation query and starts 
checking the proofs. As all the messages (including 
the agent) are properly signed, none of the entities can 
perform a repudiation attack. Firstly, the HoRA verifies 
that the Rules match with the hash value H (Rules) 
to verify that the code, the data, the container and the 
rules come from the same execution. Next, the HoRA 
must verify the execution integrity, but it cannot execute 
the agent exactly in the same way than the executing 
host because the container does not have all the input 
data (if so, this solution would be equivalent to the 
cryptographic traces approach [14]). The way to verify 
that the execution has not been tampered is by applying 
the integrity rules to the containers. The problem arises 
because these rules are not public, only the origin host 
knows them. So then, the HoRA needs proofs that these 
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Fig. 2. Malicious host revocation using MAW 



rules match the agent's code. This can be done by 
executing the agent (once or several times) with random 
input data. As the integrity rules have been inferred 
directly from the marked code, any container created 
with this code will fulfill the rules, independently from 
the input data. The integrity rules can be considered 
valid if the new container created during this random 
execution fulfills the rules 2 . Finally, the HoRA can verify 
if the executing host acted maliciously by applying the 
integrity rules to the container. The host will be revoked 
in case its container does not fulfill the rules. 
4) Finally, the HoRA sends a message to the origin host 
with the revocation result: 

Message HaRA-+0 {sign HoRA [Revoked^ Tampered execution]). 

Figure 2 shows the complete process in a graphical way. 
C Advantages 

MAW is a lightweight attack detection approach if it is 
compared to the most widely known, the cryptographic traces 
approach [14]. These are some of the advantages of MAW 
regarding the use of traces: 

• The size of the containers is determined by the program- 
mer and can be little enough to make the agent carrying 
them. On the contrary, the traces are not sent to the origin 
host with the agent because their size depends on the 
amount of input data, that can be huge. 

• The origin host can verify the execution integrity of all 
the hosts because the containers return with the agent. 
On the other hand, in the cryptographic traces approach 
the verification is performed in case of suspicion because 
the origin host does not have the traces of all the hosts. 

• In MAW, the executing hosts do not need to store any 
kind of proof. On the contrary, the hosts must store the 
traces for an indefinite period of time because the origin 
host can ask for them in case of suspicion. 

2 If the random containers do not fulfill the integrity rules, this means that 
the origin host is acting dishonestly trying to revoke an honest host. As a 
result, the HoRA could take a disciplinary measure to the origin host 
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• In MAW, the origin host has to apply the rules to 
the containers to verify the execution integrity. In the 
cryptographic traces approach, the origin host must ask 
for the traces of the suspicious hosts to execute the agent 
again. 

• To verify the execution integrity, the HoRA needs to 
execute the agent again with random input data to validate 
the rules, and later apply the rules to the containers. In 
the cryptographic traces approach, the origin host must 
execute the agent again with the input data of the traces. 
This means that both approaches have a similar cost to 
the HoRA. 

D. Drawbacks 

These are the main drawbacks that can be found in the 
Mobile Agent Watermarking approach: 

• The origin host must embed the watermark into the 
agent's code and must infer the rules from these mod- 
ifications. 

• There is an increase in the original code size. Embedding 
a watermark always means that some overhead is added 
to the code. 

• The mobile agent must carry a data container for each 
host, instead of just the results of execution. 

E. Attacks 

These are the main attacks that the malicious hosts can 
perform to MAW; 

• Eavesdropping: all non-encrypted data in the agent can 
be read by the hosts. Although it is possible to modify 
the agent to make it harder to analyze, for instance by 
using obfuscation [4], a malicious host with enough time 
can guess the intentions of the agent. 

• Manipulation: a malicious host can manipulate any part 
of the agent (the code, the data, the execution flow, the 
communications and even the results) to achieve an exe- 
cution on its own profit. The aim of the malicious hosts 
is modifying the agent without altering the watermark, 
because any change in the watermark can be used as 
a proof to punish them. In this sense, the strength of 
MAW is making the watermark imperceptible enough 
to an observer, because a malicious host will be easily 
detected if it tries to modify the agent with no knowledge 
about how these modifications will alter the container. 

• Collusion: it is difficult that a group of colluding hosts 
guesses the transferred watermark by comparing their 
containers, because the watermark is different (dynam- 
ically generated) for each host. 

V. Conclusions 

In this paper, some improvements have been added to the 
MAW approach. Instead of a fixed watermark like it was in [6], 
the origin host embeds a watermark that changes dynamically 
during execution. This makes the proposal more secure and 
flexible. In each host, the agent's code creates a container to 
transfer the watermark of the code and to hide the results. 



These containers are the proof of the good or bad behavior 
of the hosts. When the agent returns home, the origin host 
applies a set of integrity rules that the containers must fulfill. 
These integrity rules can be inferred from the modifications 
performed in the agent's code during the watermark embed- 
ding. If a container does not fulfill the rules, this means that 
the host has modified the agent during execution. 

Additionally, this paper presents how to use jointly MAW 
and the HoRA to verify the execution integrity and to punish 
the malicious hosts. When the origin host detects a manipula- 
tion attack, it sends the proofs of the malicious behavior to the 
HoRA. If finally the HoRA considers that the proofs are valid, 
the new malicious hosts is included into its internal database. 
As a result, this malicious host will not receive agents any 
more. 
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Abstract 

The 21 st century we currently live in is the age based on 
knowledge and information. It is a computer that provides 
power, which can lead the new wave of information. The 
digitalization of information is expressed as the digital 
revolution. Recently, the more important the protection of 
Intellectual Property Rights(IPR). The variety methods for 
protection of intellectual property rights are 
encryption and digital watermarking and access control and 
so on. In this paper, we propose RPLA system of active 
tracking mechanism for IPR protection. Also, protective 
model of intellectual property can use in a protective work 
of digital contents, adaptive agent and system level 
protection on client machine. 

In conclusion, we describe the implementation of our 
model in linux system. 

Key words : IPR, systemcall, hooking, kernel,RPLA 

1. Introduction 

In the past, the most important factors have been that of 
a visible capital and materia!. However, it has been 
changing gradually to an invisible knowledge and 
information from the past. 

Linux is easy to modify, and it has been praised for its 
stability through the verified running systems by many 
users. It runs on the whole PC, and spread out dramatically 
because of the low cost installation. In terms of the current 
trend, it is easy to forecast hereafter that Linux will be the 
most important system hi the major server market. Now is 
the era of Internet, v/c need to put on illegal software 
reproduction on cyberspace, becoming a serious social 
issue as enlarging Internet market. 

As above, these actions must be prohibited. It is natural 
to make a new rule, to open information to the public, to 
authorize the right and to protect the creator who provides 
information. 

In this paper, it will introduce our suggested model, 
which is differentiated with the existing intellectual 
property technology, and to provide explanation about that 
model. 



2. Construction and function of RPLA 
System 



Either online or offline, RPLA system is able to protect 
and track of many sources which arc used in computer, 
prepared for digital distribution of digital contents. 
Those protect able sources are passive resources (file, 
directory, port and so on) and active resources (process, 
thread) and those source are contain in adaptive agent 
technology and block of illegal approach and use. 

2.1. The total structure of the suggested 
model. 

1) Roles of the sever program 

- The basic role of this is giving lots of missions to the 

agent. 

- Receiving and collecting the results from the agents 
who are dispatched to several computers. 

• It can get various statistics and gives new missions 
that are based on the reported results. 

- Supply Network tool or GUI circumstance for 
convenience of manager. 

2) Roles of the agent. 

- Basically, Agents will be dispatched to computers or 
sites, which are necessary to monitor. 

- Dispatched agents carry out their missions that is 
given by severs. Mission means duty and order which 
has to be protected and monitored for the resources 
of clients. 

-The agents save the result to server when it is on-line 
and save to any place when it is off-line. 

2.1.1 Mission Control 

Mission control plays roles that decide the specific 
works and orders to be carried out by the agent, and 
transfer these. The order and work is completed one more 
union. Practical or impractical of the order will be decided 
through condition of AND, OR, according to demand of 
protected clients among the missions. The mission which 
is executed by the agent, will be all changed according as 
the agent dispatch to which IP area or which user's 
computer. The kinds of resources that will be monitored 
by the agent are divided into the active and passive 
element as shown in figure 3-1. Digital content, which is a 
main target to monitor, is classified into File, so this 
comes under the active resource. Identification is to 
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distinguish the site and target that the agent will dispatch 
to and work. Number of count is part that decides the 
number of using and the right of user will be altered 
depending on who users are. Group resource is the part of 
managing that means the resources, which the agent will 
monitor, and the user who will use the resource to be 
banded one unit as a group. 

As above, the mission control is that various working and 
orders which showed in it, are given by consisting of 
agents which is to suit every computers. 

2.1.2 The adaptive agent 

The adaptive agent is operating a proper monitor 
module component to watch and to preserve the resource 
from the computer, which is dispatched agents, according 
to the site and an IP address. The agent has to operate 
downloaded the working component, in the case of 
receiving the duty for extended works and orders, because 
the agent is loading the minimum component. And also 
the adaptive agent technology implies making the 
appropriate agent to preserve and watch of specific sites 
and computers. 

2.1.3 System hooking 

The almost digital contents are file. Such as picture, text, 
and multimedia, these are all consisted of file. File 
hooking system enables file to protect and control itself in 
every hour. The model 2-1 is about RPLA construction 
module that consisting of file system hooking and the 
overall contents about rile system hooking is as following 
in chapter 4. 




[The figure 2-1. RPLA construction module! 



2.1.4 User authorization 



and depends on whether the resources which is necessary 
to keep watch, are many or small. When exchange the 
data connecting with server in the on-line, use TCP 
protocol. Firstly, when the computer which is dispatched 
the agent, is an off-line, it cannot get any related 
information with the authorization because it cannot 
connect with sever programs. Therefore, the agent has to 
have information, which relates with the information of 
the resources that will watch basically, the information of 
user who can use those resources, and the right of using 
number. Secondly, when the number of the resources are a 
lot, even the computer is an on-line, the agent has to find 
out the other way if the area is to big to watch. 

The ways are as figure 3-6. In the case of used the 
resources, which is on monitor, the agent requests for an 
authorization to the server program and that program reply 
to the requests to the agent, in order to authorize of the 
resources. 

This method minimizes the agent's burden of 
information storage but it might put stress on network. It 
may causes problem when the network has an obstacle. 




[The figure 2-2. User attestation method for RPLA ) 

Thirdly, it is a case that number of the protective 
resources is not that many even though it is on-line. At that 
time, basically it loads the other information into the agent 
rather than the protective resources information and a 
user's information of the resource. It also stores into the 
agent's database from the server program by downloading 
the new added resourced information or user's information. 

When that happens, it is faster than getting an authorize 
from connecting by sever each time, and it can be prepared 
for network area or it's error just like the second case 
stated above. 



This means series of process what the agent distinguish 
from who is a proper user when the user try to use a 
resource. The agent has now watched this resource. There 
are three ways to authorize user from the agent of the 
suggested model. The standard of classifying these is 
different depends on the computer is on-line or off-line, 



3. How to dispatch the agent. 

This method means how to install and run the agent 
program into the computer system, which wanted to be 
monitored. 

The first, when the user runs portable disk (CD-ROM, 
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floppy disks) in a computer, the computer installs the 
program automatically. The agent runs it every time when 
the computer is booting by user and the user should not be 
able to notice it is running. In order to hide from the users, 
the function called stealth is used. If it is used, the agent's 
running stage does not appear in the process list. As 
explain about the realization of the stealth's function, it is 
to resister into service module from running module. 

The second, this is a way to dispatch the agent while it 
is on-line same as the user wants to be downloaded file 
which is linked by a special web site. Refer to the figure 3. 
An active component, which is embedded in a web site, 
runs when it is contacted by specific web site. And it tests 
out whether the agent's module is running in a connector's 
computer or not. If not, the package that installs the agent 
module is downloaded and it runs to install it. If the user 
avoids installing of it, they cannot open that site. Therefore, 
the user must install the agent module in that site. 




[ The figure 3 Agent installation process] 



3.1 appropriate manners for decision of the 
resource's right and an illegal use of the specific 
resources. 

To use easily the protective resources and the 
management of the user's information who will use that 
resources. Under a group, many resources and many user's 
information are registered. The user who is registered in 
that group is able to use the registered resources within 
personalized specific right and number of it. The rights, 
which can be distributed to users are as follows. 

• Allow digital contents reading only. 



• Allow digital contents reading and storage in the 
same name. 

• Allow digital contents reading and storage in the 
other name. 

• Allow erase and change name as maintenance 

• Allow running of process thread. 

• Allow hard-copy of the digital contents. 

• Allow using of clip-board when digital contents 
are possible to read and write. 

Next, the appropriate manner when the user use the 
protective resource illegally or getting close to it, is as 
follow. 

• Show out warning message. 

• Shutdown an application program that runs the 
illegal used resource. 

• Delete and modify of this thing. 

• Shutdown a computer system that is tried 
illegally. 



4 RPLA for Linux Base description 

As shown in the picture 4-1, the main working mechanism 
begins under the relation between kernel mode and user 
mode. It is said that the overall structure enabling kernel 
mode to provide best result, there has been main role of 
kernel module. When a user makes program, one can operate 
a system calling as like naming subroutine process. 
While user process calls a system call, the control process 
turns user mode into kernel mode. After finishing system 
call, It returns original status. 

The Big difference between user mode and kernel mode is 
that the code that resides in user process, can access memory 
and kernel space. In contrast the process that is located in 
user mode is able to access only itself. 

The processes in user space do not interfere each other, 
They are able to access only by calling system calls. 
System calls by doing interrupt procedure, which means 
actual system calls can only operate by calling interrupt 
routine begins system calling and saves in 
arch/i386/kernel/entry. The application is the program that 
is able to work under various situation in user mode. 
Application program is consisted of server and agent, 
agent exchange many information through communication 
between server and socket. 

Agent does various works directly to protect 
information, Server has the ability of user information 
and allowing level of information protection to provide as 
a role of donator. In the kernel space, many actions from 
mouse click and keyboard stroke send to application 
program. 

The file processes such as readO, write(), openO. copyO, 
delete(), rename(), modify(), chmodO, save(), save as(), 
closeQ, etc are receiving from kernel space by hooking 
mechanism. 

As we can get the detail information under the process 
of agent at the moment. 

If the agent detects right information we should protect, 
the agent gets the message by hooking. Also the 
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information is the one after comparing in the registered 
information. If not, Agent restricts application not to use it 
The mail role of information from kernel module is to 
cope with DRM solution by doing it. After above 
procedure, Agent is able to protect information by 
exchanging dynamically. The main characteristic is to 
protect knowledge base copyright protection by sensing 
the illegal actions before or after. The system can operate 
automatically by exchanging realtime messages between 
server and agent. This is the right dynamic system to 
maximize resource management and under various 
situation. 
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[The figure 4.1 System construction and function] 



5. Consideration 

To realize the Linux based agent as above, there are 

more considerable factors that should be worked out to 
protect the entire contents protection, besides some 
necessary development technologies. If these factors are 
working out, the entire contents protection will be realized 
safely. 

a) Unkillable Process 

The user is easy to complete the running process because 
he has a right about root on his own pc. But it's only 
possible to protect, not to let the process complete, even if 
RPLA got a right about root. 

b) Hidden Process 

Another way to not to be completed the process is that 
conceal the fact that the process is running. 

c) Hidden Proc/ 

Every process in Linux gets an entry under /proc file 
system. Therefore, the entry should not let the user know 
the entry under /proc. 



authority either law or technology is becoming a serious 
social issue. As well as Korea, other courtiers are in 
process to study about improving law system and technical 
study, like watermarking. 

In this paper, it presents RFLA System as one method 
for intellectual property protection and look for the 
techniques that realize the RPLA for Linux, can possibly 
runs on Linux platform. There are some advantages that 
can offer a protection function in systematic field, deal 
with actively, comparing to other digital watermarking 
technology, and accept variable missions. However, it 
needs so many caution and effort because Agent runs on 
not to let the users recognize in PC and should stand on 
attack by any other propound users who have a lot of 
knowledge about Linux system. RPLA System, in 
progress of developing and extending now to solve these 
problems should settle down as a solution, offers a better 
function about intellectual property protection 
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6. Conculsion 

As society is getting digitalized, and information- 
oriented, as digital contents productions are distributed 
freely, the protection about digital contents copyright 
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Abstract 

The 21 s ' century we currently live in is the age based on 
knowledge and information. It is a computer that provides 
power, which can lead the new wave of information. The 
digitalization of information is expressed as the digital 
revolution. Recently, (he more important the protection of 
Intellectual Property Rights(lPR). The variety method? for 
protection of intellectual property rights are 
encryption and digital watermarking and access control and 
so on. In this paper, we propose RPLA system of active 
tracking mechanism for IPR protection. Also, protective 
model of intellectual property can use in a protective work 
of digital contents, adaptive agent and system level 
protection on client machine. 

In conclusion, we describe the implementation of our 
model in lima system. 

Key words : IPR, systemcall, hooking, kemel,RPLA 

1. Introduction 

In the past, the most important factors have been that of 
a visible capital and material. However, it has been 
changing gradually to an invisible knowledge and 
information from the past. 

Linux is easy to modify, and it has been praised for its 
stability through the verified running systems by many 
users, Jt runs on the whole PC, and spread out dramatically 
because of the low cost installation. In terms of the current 
trend, it is easy to forecast hereafter that Linux will be the 
most important system in the major server market. Now is 
the era of Internet, wc need to put on illegal software 
reproduction on cyberspace, becoming a serious social 
issue as enlarging Internet market. 

As above, these actions must be prohibited. It is natural 
to make a new rule, to open information to the public, to 
authorize the right and to protect the creator who provides 
information. 

In this paper, it will introduce our suggested model, 
which is differentiated with the existing intellectual 
property technology, and to provide explanation about that 
model. 



2. Construction and function of RPLA 
System 



Either online or offline, RPLA system is able to protect 
and track of many sources which arc used in computer, 
prepared for digital distribution of digital contents. 
Those protect able sources are passive resources (file, 
directory, port and so on) and active resources (process, 
thread) and those source are contain in adaptive agent 
technology and block of illegal approach and use. 

2.1. The total structure of the suggested 
model. 

1) Roles of the sever program 

- The basic role of this is giving lots of missions to the 

agent. 

- Receiving and collecting the results from the agents 
who are dispatched to several computers. 

- It can get various statistics and gives new missions 
that are based on the reported results. 

- Supply Network tool or GUI circumstance for 
convenience of manager. 

2) Roles of the agent. 

• Basically, Agents will be dispatched to computers or 
sites, which are necessary to monitor. 

- Dispatched agents carry out their missions that is 
given by severs. Mission means duty and order which 
has to be protected and monitored for the resources 
of clients. 

-The agents save the result to server when it is on-line 
and save to any place when it is off-line, 

2.1.1 Mission Control 

Mission control plays roles that decide the specific 
works and orders to be carried out by the agent, and 
transfer these. The order and work is completed one more 
union. Practical or impractical of the order will be decided 
through condition of AND, OR, according to demand of 
protected clients among the missions. The mission which 
is executed by the agent, will be all changed according as 
the agent dispatch to which IP area or which user's 
computer. The kinds of resources that will be monitored 
by the agent are divided into the active and passive 
element as shown in figure 3-1. Digital content, which is a 
main target to monitor, is classified into File, so this 
comes under the active resource. Identification is to 
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distinguish the site and target that the agent will dispatch 
to and work. Number of count is part that decides the 
number of using and the right of user will be altered 
depending on who users arc. Group resource is the part of 
managing that means the resources, which the agent will 
monitor, and the user who will use the resource to be 
banded one unit as a group. 
As above, the mission control is that various working and 
orders which showed in it, are given by consisting of 
agents which is to suit every computers. 

2.1.2 The adaptive agent 

The adaptive agent is operating a proper monitor 
module component to watch and to preserve the resource 
from the computer, which is dispatched agents, according 
to the site and an IP address. The agent has to operate 
downloaded the working component, in the case of 
receiving the duty for extended works and orders, because 
the agent is loading the minimum component. And also 
the adaptive agent technology implies making the 
appropriate agent to preserve and watch of specific sites 
and computers. 

2.1.3 System hooking 

The almost digital contents are file. Such as picture, text, 
and multimedia, these are all consisted of file. File 
hooking system enables file to protect and control itself in 
every hour. The model 2-1 is about RPLA construction 
module that consisting of file system hooking and the 
overall contents about file system hooking is as following 
in chapter 4. 




and depends on whether the resources which is necessary 
to keep watch, are many or small. When exchange the 
data connecting with server in the on-line, use TCP 
protocol. Firstly, when the computer which is dispatched 
the agent, is an off-line, it cannot get any related 
information with the authorization because it cannot 
connect with sever programs. Therefore, the agent has to 
have information, which relates with the information of 
the resources that will watch basically, the information of 
user who can use those resources, and the right of using 
number. Secondly, when the number of the resources are a 
lot, even the computer is an on-line, the agent has to find 
out the other way if the area is to big to watch. 

The ways are as figure 3-6. In the case of used the 
resources, which is on monitor, the agent requests for an 
authorization to the server program and that program reply 
to the requests to the agent, in order to authorize of the 
resources. 

This method minimizes the agent's burden of 
information storage but it might put stress on network. It 
may causes problem when the network has an obstacle. 




[The figure 2-1. RPLA construction module) 



2.1.4 User authorization 



[The figure 2-2. User attestation method for RPLA ] 

Thirdly, it is a case that number of the protective 
resources is not that many even though it is on-line. At that 
time, basically it loads the other information into the agent 
rather "than the protective resources information and a 
user's information of the resource. It also stores into the 
agent's database from the server program by downloading 
the new added resourced information or user's information. 

When that happens, it is faster than getting an authorize 
from connecting by sever each time, and it can be prepared 
for network area or it's error just like the second case 
stated above. 
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This means series of process what the agent distinguish 
from who is a proper user when the user try to use a 
resource. The agent has now watched this resource. There 
are three ways to authorize user from the agent of the 
suggested model. The standard of classifying these is 
different depends on the computer is on-line or off-line, 



3. How to dispatch the agent. 

This method means how to install and run the agent 
program into the computer system, which wanted to be 
monitored. 

The first, when the user runs portable disk (CD-ROM, 
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floppy disks) in a computer, the computer installs the 
program automatically. The agent runs it every time when 
the computer is booting by user and the user should not be 
able to notice it is running. In order to hide from the users, 
the function called stealth is used. If it is used, the agent's 
running stage does not appear in the process list. As 
explain about the realization of the stealth's function, it is 
to resister into service module from running module. 

The second, this is a way to dispatch the agent while it 
is on-line same as the user wants to be downloaded file 
which is linked by a special web site. Refer to the figure 3. 
An active component, which is embedded in a web site, 
runs when it is contacted by specific web site. And it tests 
out whether the agent's module is running in a connector's 
computer or not. If not, the package that installs the agent 
module is downloaded and it runs to install it. If the user 
avoids installing of it, they cannot open that site. Therefore, 
the user must install the agent module in that site. 




[ The figure 3 Agent installation process] 



3.1 appropriate manners for decision of the 
resource's right and an illegal use of the specific 
resources. 

To use easily the protective resources and the 
management of the user's information who will use that 
resources. Under a group, many resources and many user's 
information are registered. The user who is registered in 
that group is able to use the registered resources within 
personalized specific right and number of it. The rights, 
which can be distributed to users are as follows. 

• Allow digital contents reading only. 



• Allow digital contents reading and storage in the 
same name. 

• Allow digital contents reading and storage in the 
other name. 

• Allow erase and change name as maintenance 

• Allow running of process thread. 

• Allow hard-copy of the digital contents. 

• Allow using of clip-board when digital contents 
are possible to read and write. 

Next, the appropriate manner when the user use the 
protective resource illegally or getting close to it, is as 
follow. 

• Show out warning message. 

• Shutdown an application program that runs the 
illegal used resource. 

• Delete and modify of this thing. 

• Shutdown a computer system that is tried 
illegally. 



4 RPLA for Linux Base description 

As shown in the picture 4-1, the main working mechanism 
begins under the relation between kernel mode and user 
mode. It is said that the overall structure enabling kernel 
mode to provide best result, there has been main role of 
kernel module. When a user makes program, one can operate 
a system calling as like naming subroutine process. 
While user process calls a system call, the control process 
rums user mode into kernel mode. After finishing system 
call, It returns original status. 

The Big difference between user mode and kernel mode is 
that the code that resides in user process, can access memory 
and kernel space. In contrast the process that is located in 
user mode is able to access only itself. 

The processes in user space do not interfere each other, 
They are able to access only by calling system calls. 
System calls by doing interrupt procedure, which means 
actual system calls can only operate by calling interrupt 
routine begins system calling and saves in 
arch/i386/kernel/entry. The application is the program that 
is able to work under various situation in user mode. 
Application program is consisted of server and agent, 
agent exchange many information through communication 
between server and socket. 

Agent does various works directly to protect 
information, Server has the ability of user information 
and allowing level of information protection to provide as 
a role of donator. In the kernel space, many actions from 
mouse click and keyboard stroke send to application 
program. 

The file processes such as readO, write(), open() ( copyO, 
delete(), rename(), modify(), chmod(), save(), save as()» 
closeQ, etc are receiving from kernel space by hooking 
mechanism. 

As we can get the detail information under the process 
of agent at the moment. 

If the agent detects right information we should protect, 
the agent gets the message by hooking. Also the 
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information is the one after comparing in the registered 
information. If not, Agent restricts application not to use it 
The mail role of information from kernel module is to 
cope with DRM solution by doing it. After above 
procedure, Agent is able to protect information by 
exchanging dynamically. The main characteristic is to 
protect knowledge base copyright protection by sensing 
the illegal actions before or after. The system can operate 
automatically by exchanging realtime messages between 
server and agent. This is the right dynamic system to 
maximize resource management and under various 
situation. 




[The figure 4.1 System construction and function] 



5. Consideration 

To realize the Linux based agent as above, there are 

more considerable factors that should be worked out to 
protect the entire contents protection, besides some 
necessary development technologies. If these factors are 
working out, the entire contents protection will be realized 
safely. 

a) Unkillable Process 

The user is easy to complete the running process because 
he has a right about root on his own pc. But it's only 
possible to protect, not to let the process complete, even if 
RPLA got a right about root. 

b) Hidden Process 

Another way to not to be completed the process is that 
conceal the fact that the process is running. 

c) Hidden Proc/ 

Every process in Linux gets an entry under /proc file 
system. Therefore, the entry should not let the user know 
the entry under /proc. 



6. Concuision 

As society is getting digitalized, and information- 
oriented, as digital contents productions are distributed 
freely, the protection about digital contents copyright 



authority either law or technology is becoming a serious 
social issue. As well as Korea, other courtiers are in 
process to study about improving law system and technical 
study, like watermarking. 

In this paper, it presents RPLA System as one method 
for intellectual property protection and look for the 
techniques that realize the RPLA for Linux, can possibly 
runs on Linux platform. There are some advantages that 
can offer a protection function in systematic field, deal 
with actively, comparing to other digital watermarking 
technology, and accept variable missions. However, it 
needs so many caution and effort because Agent runs on 
not to let the users recognize in PC and should stand on 
attack by any other propound users who have a lot of 
knowledge about Linux system. RPLA System, in 
progress of developing and extending now to solve these 
problems should settle down as a solution, offers a better 
function about intellectual property protection 
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